SB2020040127 - Red Hat Enterprise Linux 7 update for wireshark

Published: April 1, 2020

Security Bulletin ID: SB2020040127
Severity: Medium
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 57%, Low: 43%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-7418)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in epan/dissectors/packet-sigcomp.c during extraction of the length value. A remote attacker can cause the SIGCOMP dissector to crash.


2) Buffer over-read (CVE-ID: CVE-2018-11362)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in epan/dissectors/packet-ldss.c due to buffer over-read upon encountering a missing '' character. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the LDSS dissector to crash.

3) Improper input validation (CVE-ID: CVE-2018-14340)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.


4) Infinite loop (CVE-ID: CVE-2018-14341)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.


5) Infinite loop (CVE-ID: CVE-2018-14368)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.


6) Memory corruption (CVE-ID: CVE-2018-16057)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error in the ieee80211_radiotap_iterator_next() function, as defined in the epan/dissectors/packet-ieee80211-radiotap-iter.c source code file. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the Radiotap dissector component to crash.


7) Infinite loop (CVE-ID: CVE-2018-19622)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an infinite loop when handling user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the MMSE dissector to crash.


Remediation

Install the update from the vendor's website.